Providing secure access to information for improved customer service while streamlining IT operations

“Securing customer data in property and casualty insurance, life & savings, and asset management products is tantamount to protecting a company’s ethos. After all, organizations in this industry gain brand loyalty by promising to give customers’ “peace of mind,” which now includes maintaining the privacy and security of their information.

However, one leading global insurance company reports that another business mandate— offering best-in-class customer service—can pose challenges to the mandate to protect customer data. How does an organization provide anytime, anywhere access to services, while also protecting confidential customer data from unauthorized access and leak? more “Providing secure access to information for improved customer service while streamlining IT operations”

4 Ways IT must Change to Protect your Business

By E.K. Koh, VP of Solutions at NextLabs

It’s not your perimeter. It’s not your applications. In an age where there is no perimeter, where data moves from application to application, from servers to desktops to tablets and smart phones that the company does not even own, managing security at the perimeter or application is essential, but not sufficient. What is your value at risk? It is your DATA.

Data is Valuable

In a survey by Forrester, companies noted that corporate secrets (or intellectual property) comprise 2/3 of their information portfolio, with 1/3 being customer custodial data. The figure below shows the relative value of different types of data rated on a million dollar scale: more “4 Ways IT must Change to Protect your Business”

SAP Field Level Security – Augmenting Roles with Attributes

By Ashwin Bhaskar, Senior Software Engineer at NextLabs

In the first part of the blog Series, we discussed the importance of ABAC (Attributes Based Access Control) as a way to augment traditional RBAC (Role Based Access Controls) for field level security.

Let us now analyze how we can go about implementing field level security using a combination of RBAC and ABAC approaches. more “SAP Field Level Security – Augmenting Roles with Attributes”

Data Security in the Cloud – beyond Encryption

by Sudhindra Kumar, Principal Software Engineer at NextLabs

Kentucky recently joined 46 other states in the U.S. that enacted a data breach notification law.  California is the vanguard – enacting the first such law in 2002.  And now, the high profile data breaches of retailers Target and Neiman Marcus are serving as stimulants for revisions to and improvements of the breach notification laws. more “Data Security in the Cloud – beyond Encryption”

SAP Field Level Security – what are my options?

By Ashwin Bhaskar, Senior Software Engineer at NextLabs

Today’s ERP systems demand tight security controls at multiple levels of the application design. Most ERP systems, including SAP, are transactional in nature. Our customers have frequently asked us about extending security controls beyond transactions at a field level. For example, take a digital product catalog used by multiple departments within an enterprise, the view screen hides pricing information for products from a customer support rep that just needs to view technical product information. Whereas, a sales rep viewing the same product catalog would be able to view both technical and pricing information, but cannot make modifications.   Granted another level of access. is the pricing team, that can view and modify the price fields of the product catalog. more “SAP Field Level Security – what are my options?”

DFARS Subpart 204.73 – SAFEGUARDING UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION

By Dennis Andrie,

On November 18, 2013, The Defense Acquisition Regulatory Council (DARC) issued its final ruling for Defense Acquisition Regulations System (DFARS) Subpart 204.73 and associated contract clause 252.204-7012, Safeguarding of Unclassified Controlled Technical Information.The new subpart presents a high level guide to actions that need to be undertaken by companies that contract or subcontract with the U.S. Government to protect Unclassified Controlled Technical Information in the course of executing the U.S. Government contracts. more “DFARS Subpart 204.73 – SAFEGUARDING UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION”

Do you have SharePoint Site Explosion?

By Mandy Pang

Microsoft SharePoint server is an outstanding and widely adopted collaboration platform for sharing business-critical data. However, enterprises are finding that SharePoint’s permissions-based security model is not scalable and doesn’t provide adequate controls for sensitive, regulated, and highly valuable data. There is a rapid proliferation of SharePoint sites and data, as well as SharePoint’s ad-hoc collaboration and discretionary access control model.  Due to the rapid proliferation, organizations face an increased risk that their sensitive data will be leaked or mishandled. Because of this, users are more likely to grant access to critical assets in SharePoint in ways that may result in non-compliance and intellectual property (IP) leakage. more “Do you have SharePoint Site Explosion?”